9252e5d667
Removed the rootless Dockerfile: upon further investigation into how a `rootless` container works, the entrypoint that has been written fully accommodates it. To reflect this, the compose file has had the rootless config removed from it, as it is no longer needed to test a separate container image. Added a debug echo function `decho` to the entrypoint; when `DEBUG=true` it will print "[entrypoint] message content". Added a 10 second wait to the entrypoint to allow other services such as docker-in-docker and forgejo to finish launching before the runner is launched; this is bypassable by `SKIP_WAIT=true`. Applied several modifications requested by viceice.
#!/usr/bin/env bash
# Abort on the first failing command. `pipefail` is deliberately not enabled:
# without it a pipeline's status is that of its last stage, and adding it would
# likely make a failed registration attempt (the `… | tee` pipeline in the
# retry loop below) abort the script instead of retrying.
set -e
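#######################################
# Run a shell command string as the runner user.
# Globals:   ISROOT (read), RUNNER_USER (read, for logging only)
# Arguments: $1 - command string; it is interpreted by a shell (`su -c` when
#            root, `eval` otherwise), so every value interpolated into it
#            must come from a trusted source
# Outputs:   a redacted copy of the command via decho when DEBUG=true
# Returns:   exit status of the command
#######################################
run_command() {
  local cmd="$1"
  local redacted_cmd
  # Mask the value following --secret/--token so it never reaches the debug
  # output. The capture group holds only the flag, so the replacement does not
  # double the leading dashes.
  redacted_cmd=$(printf '%s\n' "$cmd" | sed -E 's/(--secret|--token)[[:space:]]+[^ ]+/\1 [REDACTED]/g')
  decho "Running command: $redacted_cmd"

  if [[ "$ISROOT" == true ]]; then
    # Drop privileges for the command. Note that the full command string,
    # credentials included, is visible as su's argv to other processes in the
    # container for as long as it runs.
    decho "Running as forgejo-runner"
    su -c "$cmd" forgejo-runner
  else
    # Already unprivileged: evaluate in this shell. $cmd is executed as code.
    decho "Running as RUNNER_USER: ${RUNNER_USER}"
    eval "$cmd"
  fi
}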
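#######################################
# Print a debug line, prefixed with "[entrypoint] ", when DEBUG=true.
# Globals:   DEBUG (read)
# Arguments: $@ - message words, joined with single spaces
# Outputs:   the line on stdout; nothing unless DEBUG is exactly "true"
#######################################
decho() {
  if [[ "${DEBUG}" == "true" ]]; then
    # printf with "$*": no echo option/escape handling, and the message is one
    # word rather than a "$@" expansion inside a string (ShellCheck SC2145).
    printf '[entrypoint] %s\n' "$*"
  fi
}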
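# Initial setup
cd /data   # the runner's working directory; under set -e a missing dir aborts here

# Apply the default before logging it so the debug line shows the effective value.
RUNNER_USER="${RUNNER_USER:-1000}"
decho "RUNNER_USER: ${RUNNER_USER}"

# Record whether we run as root (and so must create the runner user and fix
# ownership). ISROOT is always assigned so later comparisons never see an unset
# variable.
if [[ $(id -u) -eq 0 ]]; then
  ISROOT=true
  decho "Running as root"
else
  ISROOT=false
fi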
if [[ "$ISROOT" == true ]]; then
  # Make sure a forgejo-runner account exists with the requested UID.
  if ! id "forgejo-runner" &>/dev/null; then
    echo "Creating user forgejo-runner with UID ${RUNNER_USER}"
    adduser --uid "${RUNNER_USER}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner
  else
    echo "forgejo-runner user exists."

    # An existing account may carry a different UID; only its /etc/passwd
    # entry is rewritten here (the GID field is left as is).
    CURRENT_UID=$(id -u forgejo-runner)
    decho "CURRENT_UID: ${CURRENT_UID}"
    if (( CURRENT_UID != RUNNER_USER )); then
      echo "Changing UID of forgejo-runner to ${RUNNER_USER}"
      sed -i "s/^forgejo-runner:[^:]*:[^:]*:/forgejo-runner:x:${RUNNER_USER}:/" /etc/passwd
    fi
  fi

  # Hand /data to the runner user when the mount's current owner differs.
  if [[ "$(stat -c "%u" /data)" != "${RUNNER_USER}" ]]; then
    decho "Changing ownership of /data to ${RUNNER_USER}"
    chown -R forgejo-runner:forgejo-runner /data
  fi
fi
# Handle and alter the config file
# Fall back to the default path when CONFIG_FILE is empty or unset, and say so.
[[ -n "${CONFIG_FILE}" ]] || {
  echo "CONFIG_FILE is not set"
  CONFIG_FILE="/data/config.yml"
}
# Passed verbatim into the forgejo-runner command strings below.
CONFIG_ARG="--config ${CONFIG_FILE}"
decho "CONFIG: ${CONFIG_ARG}"
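DOCKER_HOST=${DOCKER_HOST:-docker}
DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-"/certs/client"}
DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-0}
decho "DOCKER_HOST: ${DOCKER_HOST}"
decho "DOCKER_TLS_CERTDIR: ${DOCKER_TLS_CERTDIR}"
decho "DOCKER_TLS_VERIFY: ${DOCKER_TLS_VERIFY}"

# Generate the config on first start only; an existing file is not rewritten
# by this block. The sed edits below splice DOCKER_HOST and DOCKER_TLS_CERTDIR
# straight into sed scripts, so these variables must come from a trusted
# environment (they are not escaped).
if [[ ! -f "${CONFIG_FILE}" ]]; then
  echo "Creating ${CONFIG_FILE}"
  # run_command takes a single command string; the redirect is evaluated as
  # the runner user, so the file ends up owned by it.
  run_command "forgejo-runner generate-config > ${CONFIG_FILE}"

  # Remove test environment variables if they exist in the config file
  sed -i "/^ A_TEST_ENV_NAME_1:/d" "${CONFIG_FILE}"
  sed -i "/^ A_TEST_ENV_NAME_2:/d" "${CONFIG_FILE}"

  # Apply default values for docker. As written these configure job containers
  # as privileged on the host network; review them before running workflows
  # from sources you do not control.
  sed -i "/^ labels:/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" "${CONFIG_FILE}"
  sed -i "/^ network:/c\ network: host" "${CONFIG_FILE}"
  sed -i "/^ privileged:/c\ privileged: true" "${CONFIG_FILE}"

  if [[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]; then
    # Plain TCP on 2375: the connection to the Docker daemon is unauthenticated.
    decho "Docker TLS disabled"
    sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2375" "${CONFIG_FILE}"
  else
    # TLS on 2376; the client certificate directory is made mountable into
    # job containers and bind-mounted at the same path.
    decho "Docker TLS enabled"
    sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" "${CONFIG_FILE}"
    sed -i "/^ valid_volumes:/c\ valid_volumes:\n - ${DOCKER_TLS_CERTDIR}" "${CONFIG_FILE}"
    sed -i "/^ options:/c\ options: -v ${DOCKER_TLS_CERTDIR}:${DOCKER_TLS_CERTDIR}" "${CONFIG_FILE}"
  fi
fi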
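ENV_FILE=${ENV_FILE:-"/data/.env"}
decho "ENV_FILE: ${ENV_FILE}"
sed -i "/^ env_file:/c\ env_file: ${ENV_FILE}" "${CONFIG_FILE}"

# Seed the env file once with the docker connection settings. A single
# redirect replaces the touch-plus-three-appends sequence, and the path is
# quoted so it survives spaces.
if [[ ! -f "${ENV_FILE}" ]]; then
  echo "Creating ${ENV_FILE}"
  {
    printf 'DOCKER_HOST=%s\n' "${DOCKER_HOST}"
    printf 'DOCKER_TLS_VERIFY=%s\n' "${DOCKER_TLS_VERIFY}"
    printf 'DOCKER_TLS_CERTDIR=%s\n' "${DOCKER_TLS_CERTDIR}"
  } > "${ENV_FILE}"
fi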
# Optional runner labels are appended verbatim to the registration arguments.
EXTRA_ARGS=""
if [[ -n "${RUNNER_LABELS}" ]]; then
  EXTRA_ARGS+=" --labels ${RUNNER_LABELS}"
fi
decho "EXTRA_ARGS: ${EXTRA_ARGS}"
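# Set the runner file
if [[ -z "${RUNNER_FILE}" ]]; then
  RUNNER_FILE="runner.json" # use json so editors know how to highlight
fi
decho "RUNNER_FILE: ${RUNNER_FILE}"
# Quote the target so a CONFIG_FILE path containing spaces is not word-split.
sed -i "/^ file:/c\ file: ${RUNNER_FILE}" "${CONFIG_FILE}"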
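# Give sibling services (docker-in-docker, forgejo) a head start before the
# runner talks to them; set SKIP_WAIT=true to bypass. This must be `echo`, not
# an undefined helper: under set -e an unknown command here aborts the script
# whenever the wait is not skipped.
if [[ "${SKIP_WAIT}" != "true" ]]; then
  echo "Waiting 10s to allow other services to start up..."
  sleep 10
fi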
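# Register the runner when no (non-empty) runner file exists yet.
if [[ ! -s "${RUNNER_FILE}" ]]; then
  touch "${RUNNER_FILE}"
  # `try` starts at 0 and is advanced inside the loop, so MAX_REG_ATTEMPTS
  # (default 10) bounds the number of registration attempts.
  try=0
  success=0
  decho "try: ${try}, success: ${success}"

  # Exactly one credential is used: FORGEJO_SECRET wins, otherwise RUNNER_TOKEN
  # is required.
  if [[ -n "${FORGEJO_SECRET}" ]]; then
    EXTRA_ARGS="${EXTRA_ARGS} --secret ${FORGEJO_SECRET}"
    echo "Registering with SECRET"
  else
    if [[ -z "${RUNNER_TOKEN}" ]]; then
      echo "RUNNER_TOKEN is not set"
      exit 1
    fi
    EXTRA_ARGS="${EXTRA_ARGS} --token ${RUNNER_TOKEN}"
    echo "Registering with TOKEN"
  fi
  # The credential value is masked before it reaches the debug output.
  decho "EXTRA_ARGS after secret/token: $(printf '%s\n' "${EXTRA_ARGS}" | sed -E 's/(--secret|--token)[[:space:]]+[^ ]+/\1 [REDACTED]/g')"

  # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker,
  # for the forgejo-runner to wait a moment for gitea to become available before erroring out. Within
  # the context of a single docker-compose, something similar could be done via healthchecks, but
  # this is more flexible.
  # The registration output is captured in a log file only for the success
  # check and removed once the loop ends.
  REG_LOG="/tmp/reg.log"
  while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do
    try=$((try + 1))
    run_command "forgejo-runner create-runner-file --connect \
      --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \
      --name \"${RUNNER_NAME:-$(hostname)}\" \
      ${CONFIG_ARG} ${EXTRA_ARGS} 2>&1 | tee ${REG_LOG}"

    if grep -q 'connection successful' "${REG_LOG}"; then
      echo "SUCCESS"
      success=1
    else
      echo "Waiting to retry ..."
      sleep 5
    fi
    decho "try: ${try}, success: ${success}"
  done
  rm -f -- "${REG_LOG}"

  # Do not start the daemon with an empty runner file; fail visibly instead.
  if [[ $success -eq 0 ]]; then
    echo "Runner registration failed after ${try} attempt(s)" >&2
    exit 1
  fi
fi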
# Drop the registration credentials from the environment before the daemon
# starts, so the long-running process does not inherit them. (This does not
# retroactively hide the command line that was used for registration.)
unset RUNNER_TOKEN FORGEJO_SECRET

# Hand over to the runner daemon with the config chosen above.
run_command "forgejo-runner daemon ${CONFIG_ARG}"